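Техническая информация
Примечание: подзаголовки разделов в этом фрагменте не сохранились. Ниже по порядку идут: параметр реестра службы «Account Manager» (значение 'Start' = 2 соответствует автоматическому запуску службы), командные строки запускаемых процессов, пути к файлам и сетевые индикаторы. Повторяющиеся пути в %WINDIR%\Temp, по-видимому, относятся к разным операциям (например, к созданию и удалению файлов); по этому фрагменту точно установить это нельзя. Символы «#» в IP-адресе и имени домена, по-видимому, являются маскировкой в исходном отчёте, а не частью значений.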
- [<HKLM>\SYSTEM\ControlSet001\Services\Account Manager] 'Start' = '00000002'
- '<SYSTEM32>\netstat.exe' -ano
- '<SYSTEM32>\tasklist.exe' /svc
- '<SYSTEM32>\ipconfig.exe' -all
- '<SYSTEM32>\svchost.exe' -k "Account Manager"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\AUTOEXEO.bat
- %WINDIR%\Temp\A0011.tmp
- %WINDIR%\Temp\A0010.tmp
- %WINDIR%\Temp\A00F.tmp
- %WINDIR%\Temp\MSI2.tmp
- %WINDIR%\Temp\A0013.tmp
- %WINDIR%\Temp\A0012.tmp
- %TEMP%\AUTOEXEO.bat
- <SYSTEM32>\msxml15.xml
- <SYSTEM32>\fiiaad.dll
- %WINDIR%\Temp\A00E.tmp
- %WINDIR%\Temp\A00D.tmp
- %WINDIR%\Temp\MSI1.tmp
- %WINDIR%\Temp\A0012.tmp
- %WINDIR%\Temp\A0013.tmp
- %WINDIR%\Temp\MSI1.tmp
- %WINDIR%\Temp\A0010.tmp
- %WINDIR%\Temp\A00D.tmp
- %WINDIR%\Temp\A00E.tmp
- %WINDIR%\Temp\A00F.tmp
- '18#.#73.214.27':8080
- DNS ASK dn###.zzux.com